Security News

Files appearing to originate from Qualys were dumped online this afternoon on the Tor blog of the Clop criminal extortionists. Ransomware gang specialist Brett Callow, of infosec biz Emsisoft, told The Register: "Entities that have had dealings with Qualys should be on high alert."

A researcher revealed on Monday that some exploits for the notorious CPU vulnerability known as Spectre were uploaded recently to the VirusTotal malware analysis service. In a blog post titled Spectre exploits in the "Wild", researcher Julien Voisin shared a brief analysis of a Spectre exploit for Linux that had been uploaded to VirusTotal in early February.

On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations unit of the U.S. National Security Agency. "The caught-in-the-wild exploit of CVE-2017-0005, a zero-day attributed by Microsoft to the Chinese APT31, is in fact a replica of an Equation Group exploit codenamed 'EpMe,'" Check Point researchers Eyal Itkin and Itay Cohen said.

Millions of COVID-19 test reports were found to be publicly accessible due to flawed online system implementation. The leak, comprising over 8 million COVID-19 test results, has been attributed to the Health and Welfare Department of West Bengal, India.

A CAD drawing of a radar antenna stolen and leaked online by criminals is of a military radar system produced by defense contractor Leonardo and fitted to a number of US and UAE aircraft, The Register has learned. The Register can reveal Clop got its hands on at least one drawing of a Leonardo Seaspray 7500E radar antenna, and divulged on its Tor-hidden website a rendering of the hardware in some detail - without its external covers usually seen in promotional material.

Researchers say they found several stolen and leaked credentials for a Florida water-treatment plant, which was hacked last week. Researchers at CyberNews said they found 11 credential pairs linked to the Oldsmar water plant, in a 2017 compilation of stolen breach credentials.

A publicly exposed cloud storage bucket was found to contain images of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world. Reverse-image searches for headshots revealed that these well-known European volleyball players were either directly associated with CEV or were part of a volleyball team or federation affiliated with the CEV. BleepingComputer also found some of CEV's assets in the bucket, such as branding images with CEV logos on them.

The new Edge 88 browser includes tough new security features, including a password generator and a tool for monitoring whether your login details have been exposed to the dark web. Microsoft Edge 88 is rolling out to users in the Stable channel alongside some new privacy-focused features, including a long-awaited credentials monitor and a built-in password generator.

Microsoft is rolling out a built-in password generator and a leaked credentials monitoring feature on Windows and macOS systems running the latest Microsoft Edge version. Microsoft Edge 88 now helps you improve the security of your online accounts with the password generator which suggests secure and strong passwords when updating existing credentials or signing up for new accounts.

The European Medicines Agency today revealed that some of the stolen Pfizer/BioNTech vaccine candidate data was doctored by threat actors before being leaked online with the end goal of undermining the public's trust in COVID-19 vaccines. EMA is the decentralized agency that reviews and approves COVID-19 vaccines in the European Union, and the agency that evaluates, monitors, and supervises any new medicines introduced to the EU. "The ongoing investigation of the cyberattack on EMA revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines have been leaked on the internet," the agency disclosed today.